Domain Shadowing

Domain shadowing is an attack technique in which a threat actor gains unauthorized access to a legitimate domain's [[dns|DNS]] registrar account and silently creates malicious subdomains under that trusted domain, leaving the parent site untouched. Because the parent domain has an established reputation, the shadowed subdomains inherit its trust score and are less likely to be blocked by security filters. The attack typically relies on [[domain-hijacking|account credential theft]] rather than a full domain takeover, so the legitimate owner sees no disruption and the activity can persist undetected. Shadowed subdomains are commonly used to host phishing pages, malware delivery, or command-and-control infrastructure.

Example

Attackers compromise the registrar account of a law firm, create 'payment.lawfirm.com' pointing to a phishing server, and send invoices to the firm's clients; because the messages come from a trusted domain name, they bypass email filters.
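One defensive check that follows from the description above, added here as an illustration and not part of the original entry: diff the current zone against the last approved snapshot and flag every added record that resolves outside the organization's own infrastructure. The zone contents, netblocks and CNAME targets below are constructed sample data built around the law-firm example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    """One DNS record from a zone snapshot (constructed sample data)."""
    name: str   # owner name, e.g. "payment.lawfirm.com"
    rtype: str  # "A" or "CNAME"
    value: str  # IPv4 address or CNAME target

# Constructed: the zone as the organization last reviewed and approved it.
BASELINE = {
    Record("lawfirm.com", "A", "203.0.113.10"),
    Record("www.lawfirm.com", "A", "203.0.113.10"),
    Record("mail.lawfirm.com", "A", "203.0.113.25"),
}
# Constructed: infrastructure the organization legitimately operates.
OWN_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]
APPROVED_CNAME_TARGETS = {"cdn.example.net"}

# Constructed: a later snapshot from the DNS provider, with two legitimate
# additions and two shadowed subdomains pointing at attacker infrastructure.
CURRENT_ZONE = BASELINE | {
    Record("staging.lawfirm.com", "A", "203.0.113.30"),
    Record("docs.lawfirm.com", "CNAME", "cdn.example.net."),
    Record("payment.lawfirm.com", "A", "198.51.100.77"),
    Record("secure-login.lawfirm.com", "CNAME", "evil.example.net."),
}

def points_inside(rec: Record) -> bool:
    """True if the record resolves to infrastructure the organization controls."""
    if rec.rtype == "A":
        ip = ipaddress.ip_address(rec.value)
        return any(ip in net for net in OWN_NETBLOCKS)
    if rec.rtype == "CNAME":
        return rec.value.rstrip(".").lower() in APPROVED_CNAME_TARGETS
    return False  # unknown record types are treated as suspicious

def find_shadow_candidates(current, baseline=BASELINE):
    """Names added since the baseline that resolve outside the org's infrastructure.

    Shadowing adds records without touching the parent site, so a diff against the
    approved zone is the first signal; an external target is what makes it escalate.
    """
    added = set(current) - set(baseline)
    return sorted(r.name for r in added if not points_inside(r))

if __name__ == "__main__":
    print(find_shadow_candidates(CURRENT_ZONE))
```

A legitimate new subdomain inside the organization's netblock (staging.lawfirm.com) is not flagged, so the check reports only additions worth a human look.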